package ua.kharkov.knure.pereverziev.diploma.web.command;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;

public class SecureGotoCommand implements Command {
	private static final Logger log = Logger.getLogger(GotoCommand.class);

	private static Set<String> securePaths = getSecurePaths();

	@Override
	public String execute(HttpServletRequest request,
			HttpServletResponse response) throws IOException, ServletException {

		log.debug("Command starts");
		String forward = request.getParameter("path");
		if (!securePaths.contains(forward)) {
			forward = "/login.jsp?error=This option is available only for autorized users!";
		}
		request.getSession().setAttribute("lastPage", forward);
		log.debug("Command finished");
		return forward;
	}

	private static Set<String> getSecurePaths() {
		Set<String> paths = new HashSet<String>(25);
		paths.add("WEB-INF/jsp/registration.jsp");
		paths.add("WEB-INF/jsp/about.jsp");
		return paths;
	}

}
